34 #ifndef __PCAP_REMOTE_H__ 35 #define __PCAP_REMOTE_H__ 39 #include "sockutils.h" 85 #define RPCAP_DEFAULT_NETPORT "2002" 87 #define RPCAP_DEFAULT_NETPORT_ACTIVE "2003" 88 #define RPCAP_DEFAULT_NETADDR "" 89 #define RPCAP_VERSION 0 90 #define RPCAP_TIMEOUT_INIT 90 91 #define RPCAP_TIMEOUT_RUNTIME 180 92 #define RPCAP_ACTIVE_WAIT 30 93 #define RPCAP_SUSPEND_WRONGAUTH 1 99 #define RPCAP_NETBUF_SIZE 64000 109 #define RPCAP_HOSTLIST_SEP " ,;\n\r" 173 struct sockaddr_storage addr;
174 struct sockaddr_storage netmask;
175 struct sockaddr_storage broadaddr;
176 struct sockaddr_storage dstaddr;
280 #define RPCAP_MSG_ERROR 1 281 #define RPCAP_MSG_FINDALLIF_REQ 2 282 #define RPCAP_MSG_OPEN_REQ 3 283 #define RPCAP_MSG_STARTCAP_REQ 4 284 #define RPCAP_MSG_UPDATEFILTER_REQ 5 285 #define RPCAP_MSG_CLOSE 6 286 #define RPCAP_MSG_PACKET 7 287 #define RPCAP_MSG_AUTH_REQ 8 288 #define RPCAP_MSG_STATS_REQ 9 289 #define RPCAP_MSG_ENDCAP_REQ 10 290 #define RPCAP_MSG_SETSAMPLING_REQ 11 292 #define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ) 293 #define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ) 294 #define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ) 295 #define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ) 296 #define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ) 297 #define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ) 298 #define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ) 299 #define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ) 301 #define RPCAP_STARTCAPREQ_FLAG_PROMISC 1 302 #define RPCAP_STARTCAPREQ_FLAG_DGRAM 2 303 #define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4 304 #define RPCAP_STARTCAPREQ_FLAG_INBOUND 8 305 #define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16 307 #define RPCAP_UPDATEFILTER_BPF 1 310 // Network error codes 311 #define PCAP_ERR_NETW 1 312 #define PCAP_ERR_INITTIMEOUT 2 313 #define PCAP_ERR_AUTH 3 314 #define PCAP_ERR_FINDALLIF 4 315 #define PCAP_ERR_NOREMOTEIF 5 316 #define PCAP_ERR_OPEN 6 317 #define PCAP_ERR_UPDATEFILTER 7 318 #define PCAP_ERR_GETSTATS 8 319 #define PCAP_ERR_READEX 9 320 #define PCAP_ERR_HOSTNOAUTH 10 321 #define PCAP_ERR_REMOTEACCEPT 11 322 #define PCAP_ERR_STARTCAPTURE 12 323 #define PCAP_ERR_ENDCAPTURE 13 324 #define PCAP_ERR_RUNTIMETIMEOUT 14 325 #define PCAP_ERR_SETSAMPLING 15 326 #define PCAP_ERR_WRONGMSG 16 327 #define PCAP_ERR_WRONGVER 17 // end of private documentation 355 int rpcap_deseraddr(
struct sockaddr_storage *sockaddrin,
struct sockaddr_storage **sockaddrout,
char *errbuf);
357 int rpcap_senderror(SOCKET sock,
char *error,
unsigned short errcode,
char *errbuf);
Structure that is needed to set sampling parameters.
uint32 ifrecv
Packets received by the kernel filter (i.e. pcap_stats.ps_recv)
int pcap_setsampling_remote(pcap_t *p)
Header of a packet in the dump file.
Format of the reply message that devoted to start a remote capture (startcap reply command) ...
int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
uint16 dummy
Must be zero.
uint16 slen1
Length of the first authentication item (e.g. username)
uint32 krnldrop
Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop)
uint16 dummy
Must be zero.
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
uint16 filtertype
type of the filter transferred (BPF instructions, ...)
Format of the message for the interface description (findalldevs command)
uint8 method
Sampling method.
uint32 svrcapt
Packets captured by the RPCAP daemon and sent on the network.
Keeps a list of all the opened connections in the active mode.
Structure that keeps statistical values on an interface.
uint16 dummy
Must be zero.
Structure that keeps the data required for the authentication on the remote host. ...
uint32 read_timeout
Read timeout in milliseconds.
unsigned short uint16
Provides a 16-bits unsigned integer.
int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps)
uint16 slen2
Length of the second authentication item (e.g. password)
uint32 nitems
Number of items contained into the filter (e.g. BPF instructions for BPF filters) ...
uint32 value
Parameter related to the sampling method.
int32 k
instruction-dependent value
uint16 dummy2
Must be zero.
uint32 flags
Interface flags.
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
int int32
Provides a 32-bits integer.
struct activehosts * next
uint16 dummy
Must be zero.
unsigned char uint8
Provides an 8-bits unsigned integer.
uint32 timestamp_usec
'struct timeval' compatible, it represents the 'tv_usec' field
int pcap_startcapture_remote(pcap_t *fp)
Format of the message that starts a remote capture (startcap command)
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf)
uint32 npkt
Ordinal number of the packet (i.e. the first one captured has '1', the second one '2'...
uint16 code
opcode of the instuction
Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_fi...
uint16 type
Authentication type.
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
uint32 len
Real length this packet (off wire)
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions...
uint16 portdata
Network port on which the server is waiting at (passive mode only)
uint16 namelen
Length of the interface name.
This structure keeps the information needed to autheticate the user on a remote machine.
Format of the message for the address listing (findalldevs command)
uint16 flags
Flags (see RPCAP_STARTCAPREQ_FLAG_xxx)
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
uint32 caplen
Length of portion present in the capture.
int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog)
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
Format of the message of the connection opening reply (open command).
void pcap_cleanup_remote(pcap_t *p)
uint32 timestamp_sec
'struct timeval' compatible, it represents the 'tv_sec' field
int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
struct sockaddr_storage host
struct pcap_stat * pcap_stats_ex_remote(pcap_t *p)
Format of the header which encapsulates captured packets when transmitted on the network.
unsigned int uint32
Provides a 32-bits unsigned integer.
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth)
uint8 jf
relative offset to jump to in case of 'false'
uint16 portdata
Network port on which the client is waiting at (if 'serveropen')
int rpcap_remoteact_getsock(const char *host, char *errbuf)
uint32 snaplen
Length of the snapshot (number of bytes to capture for each packet)
Structure that keeps the statistics about the number of packets captured, dropped, etc.
int32 tzoff
Timezone offset.
int32 bufsize
Size of the user buffer allocated by WinPcap; it can be different from the one we chose...
uint16 naddr
Number of addresses.
uint8 dummy1
Must be zero.
uint16 desclen
Length of the interface description.
uint8 jt
relative offset to jump to in case of 'true'
uint32 ifdrop
Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats.ps_ifdrop)